
Comment by danwee

3 years ago

Even if the loop is just one iteration, it's already breaking the internet. I cannot stand web sites that show the CloudFlare verification page before you can access. It's just ridiculous.

The page sometimes keeps refreshing literally forever. Completely ignoring my unconfirmed "Allow this page to reload?" prompt. I left it "checking" for hours once. No luck.

I agree

I've got a Firefox extension that tells me if a site appears to be using Cloudflare - and I avoid all the ones I can

But I'm stuck with that stupid Cloudflare slowdown screen for the portal to my dr's office

Isn't this for stopping DDoS?

  • Yes, but aren't there more viable options? Like: a transition page that just waits for 5 seconds before loading. Then I don't have to, as an Asian, wonder what American school buses look like when I "click on all squares that have a bus". As though stop signs, buses and yachts are somehow universally the same all over the world.

    CAPTCHA/reCAPTCHA is the internet version of the infamous "regatta" question on SAT [1].

    [1] https://www.clearchoiceprep.com/sat-act-prep-blog/the-most-i...

    • > Then I don't have to, as an Asian, wonder what American school buses look like when I "click on all squares that have a bus"

      It is funny how our five year old daughter can recognise what American school buses look like, simply through media exposure, despite the fact that buses in our country look completely different (and our school buses don't look different from public transport buses, since they are the exact same buses and drivers, just scheduled on school routes instead of public ones.)

      Sometimes I can get rather critical of American cultural imperialism, but this kind of thing is more at the amusing than concerning end of that spectrum. It is a good example though of how many American businesses are happy to offer their products outside the US with minimal or no attempt at localisation–and either don't realise the reality of that lacking localisation, or do yet don't care. It is particularly a problem I think with other English-speaking countries, where people just assume that if the language is the same everything else must be, or else their idea of the differences is limited to a handful of well-known items like date formats

  • That's what it is for, but most setups don't have it set up correctly (the verification page should ONLY appear during an actual DDoS, and even then only against IPs that appear to be participating).

    It wants to do a bit of cryptography, which means that if scripts/WASM/etc are disabled, you can be out of luck.

    • I have noticed my CPU spike during these checks; however, I have factory settings for Firefox and haven't disabled scripts/WASM/etc. Is there some setting that Firefox might default to that could cause this?


  • No. Cloudflare offers different levels of protection. One level is ‘prevent DDoS.’ Another level is ‘prevent bots from accessing the site at all.’ Not all bots are part of a DDoS. The problem is that many website owners turn on the second setting, because ‘bots are bad,’ without realizing that this means that some of their users are going to have to fill out Captchas.

    (Comment written from memory, I may have details wrong.)

    • Sometimes it's a lesser evil. Cloudflare blocks about 1.6 million bot search queries per day on my search engine. Simply could not operate it without this inconvenience.


But you know the website might have sooper sekret information they want to protect, which is why it's been published on a public website.

Speaking of bullshit restrictions designed to encourage compliance with surveillance, have imgur links just straight up stopped working for anyone else recently? I'm coming from a datacenter IP. I assume it's just some heavy handed part of the cost cutting push they announced.

  • Verification isn't about keeping secrets, obviously, it's about restricting the velocity of bots and their ability (intentional or not) to degrade your site's performance/availability.

    There are too many bots out there that are very inconsiderate and do not limit or throttle themselves.

    We have one right now that crawls every single webpage (and we have tens of thousands) every couple days, without any throttle or limit. It's likely somebody's toy scraper, and currently it's doing no harm, but not everyone has the server resources we have.

    The point is - if you are dealing with inconsiderate bots, a captcha of some type is pretty nearly a bullet proof way to stop them.

    With that said, Cloudflare usually is smart enough to detect unusual patterns, and present a challenge to only those who they believe are bots or up to no good. If every person gets a challenge, then the website operator is either experiencing an active attack, or has accidentally set their security configuration too high.

    • I do know the common narrative. FUD -> more snake oil "solutions". I myself rely on a special type of igneous rock that keeps hackers away. In reality:

      1. Most sites only have this problem due to inefficient design. You are literally complaining about handling 1 request every 2 seconds! That's like a "C10μ problem."

      2. How many IPs are these bots coming from? Rate limiting per source IP wouldn't be nearly as intrusive.

      3. There are much less obtrusive ways of imposing resource requirements on a requester, like say a computational challenge.

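The "computational challenge" in point 3 of the comment above, and the "bit of cryptography" mentioned earlier in the thread, can be sketched as a hashcash-style proof of work. This is an added example, not part of any comment and not Cloudflare's implementation; `SERVER_KEY`, `DIFFICULTY_BITS`, `TTL_SECONDS` and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # assumption: per-deployment secret, server-side only
DIFFICULTY_BITS = 16          # assumption: about 65k hashes per solve on average
TTL_SECONDS = 120             # assumption: lifetime of an issued challenge

def _tag(ip, nonce, expires):
    # The MAC binds the challenge to one client IP and one expiry time.
    msg = f"{ip}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_challenge(ip, now=None):
    """Server: hand out a signed challenge; nothing is stored per client."""
    now = time.time() if now is None else now
    nonce, expires = os.urandom(8).hex(), int(now) + TTL_SECONDS
    return {"nonce": nonce, "expires": expires, "tag": _tag(ip, nonce, expires)}

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(challenge, counter):
    data = f"{challenge['nonce']}|{challenge['expires']}|{counter}".encode()
    return leading_zero_bits(hashlib.sha256(data).digest())

def solve(challenge, bits=DIFFICULTY_BITS):
    """Client: brute-force a counter; this is the CPU cost the requester pays."""
    counter = 0
    while _work(challenge, counter) < bits:
        counter += 1
    return counter

def verify(ip, challenge, counter, now=None, bits=DIFFICULTY_BITS):
    """Server: one HMAC and one hash, however long the client worked."""
    now = time.time() if now is None else now
    expected = _tag(ip, challenge["nonce"], challenge["expires"]).encode()
    presented = str(challenge.get("tag", "")).encode()
    if not hmac.compare_digest(expected, presented):
        return False          # forged, altered, or issued to a different IP
    if now > int(challenge["expires"]):
        return False          # stale challenge
    return _work(challenge, counter) >= bits
```

Because the server keeps no state, a solved challenge can be replayed from the same IP until it expires; tracking used nonces for `TTL_SECONDS` closes that gap.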

    • > The point is - if you are dealing with inconsiderate bots, a captcha of some type is pretty nearly a bullet proof way to stop them.

      Not any more.


  • CloudFlare is usually there to mitigate bots attacking. Without which, the site wouldn't be available to view in the first place.

    CloudFlare is merely the symptom of a greater set of problems, which it attempts to mitigate.

    If you want to be angry about something, be angry that bruteforce attacks are common, guzzle resources and usually yield zero legal repercussions in most cases.

    • Personally, I have no problem with CloudFlare's bot protection. My problem is with CloudFlare's lack of diagnostics and community involvement to resolve/explain false positives. I have no idea what obscure default setting to change in Firefox to make it work.

  • Imgur links haven't worked on my VPN for a long time.

    Even if they did, I'd still avoid imgur since they censor even worse than reddit.